Forum Discussion
snat routing issue - need clarification
I have some non-http servers. I am looking at using no snat and having the servers point to the F5 floater for their default gateway. Without snat, the real ip addresses go to the pool member.
Packets:
1) client 2.2.2.2 -> vip 5.5.5.5
2) client 2.2.2.2 -> pool_mbr 7.7.7.7
At first glance it seemed it would fail because the client made a connection to the vip address and then it changes on the reply with the client sending it directly to the pool member address.
If I have the servers point to the f5 floater for their default gateway, does this communication still work because of auto lasthop and the connection table?
4 Replies
- uni
Altocumulus
This will work. The response [7.7.7.7 -> 2.2.2.2] goes from the server to the server's default gateway and LTM's inside self-ip (e.g. 7.7.7.1). The LTM then forwards the reply [5.5.5.5 -> 2.2.2.2] back out the external interface, due to auto lasthop if it is enabled, or by LTM route table if auto lasthop is disabled.
- John_Ogle_45372
Nimbostratus
Do I need a 0.0.0.0 forwarding VS for this as well? For the return traffic? Or not because it's an existing connection?
- nitass
Employee
Do I need a 0.0.0.0 forwarding VS for this as well? For the return traffic? Or not because it's an existing connection?
Generally, a virtual server for return traffic is not needed because it is an existing connection.
- Kevin_Stewart
Employee
If you set up your servers to use the BIG-IP as their default gateway, traffic incoming to the servers will (if enabled) follow the auto lasthop path to return to sender. This is a layer 2 mechanism that records the last "hop" or router and returns to it. On the other hand, now that the BIG-IP is the servers' default gateway, any traffic originating from the server to the world (i.e. antivirus updates, etc.) will need a forwarding virtual (listening on the internal interface).
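The behaviour described across the replies above, as an added example that is not part of the original thread and is not F5 code: a simplified model of a connection table with no SNAT, showing why the server's reply is matched and rewritten to the VIP while a new server-originated flow needs a forwarding listener. The class and field names, the last-hop MAC and the 192.0.2.10 destination are constructed for illustration; real connection entries also key on ports and protocol.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    vlan: str  # VLAN the packet is seen on (ingress for input, egress for output)

class ProxyModel:
    """Toy model of the no-SNAT flow in this thread (assumption, not BIG-IP internals)."""
    def __init__(self, vip, pool_member, forwarding_vlans=()):
        self.vip = vip
        self.pool_member = pool_member
        self.forwarding_vlans = set(forwarding_vlans)  # VLANs with a 0.0.0.0 forwarding listener
        self.conns = {}  # (server_ip, client_ip) -> (vip, recorded last hop)

    def handle(self, pkt, last_hop=None):
        # Reply from the pool member: matched against an existing connection,
        # source rewritten back to the VIP, sent to the recorded last hop.
        entry = self.conns.get((pkt.src, pkt.dst))
        if pkt.vlan == "internal" and entry:
            vip, hop = entry
            return "reply", Packet(vip, pkt.dst, "external"), hop
        # New client connection to the VIP: destination becomes the pool member,
        # client source is preserved (no SNAT), last hop is remembered.
        if pkt.vlan == "external" and pkt.dst == self.vip:
            self.conns[(self.pool_member, pkt.src)] = (self.vip, last_hop)
            return "load-balanced", Packet(pkt.src, self.pool_member, "internal"), None
        # Any other new flow passes only if a forwarding listener covers its VLAN.
        if pkt.vlan in self.forwarding_vlans:
            return "forwarded", pkt, None
        return "dropped", None, None

def demo(forwarding_vlans=()):
    ltm = ProxyModel("5.5.5.5", "7.7.7.7", forwarding_vlans)
    hop = "00:00:5e:00:53:01"  # constructed MAC of the upstream router
    return [
        ltm.handle(Packet("2.2.2.2", "5.5.5.5", "external"), last_hop=hop),
        ltm.handle(Packet("7.7.7.7", "2.2.2.2", "internal")),     # return traffic
        ltm.handle(Packet("7.7.7.7", "192.0.2.10", "internal")),  # server-initiated
    ]

if __name__ == "__main__":
    for label, vlans in (("no forwarding VS", ()), ("forwarding VS on internal", ("internal",))):
        print(label)
        for action, out, hop in demo(vlans):
            print("  ", action, out, hop)
```

Binding the forwarding listener to the internal VLAN only, as the last reply specifies, keeps it from passing arbitrary new flows arriving on the external side.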